summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorMatt Bobrowski <mattbobrowski@google.com>2023-01-04 03:41:44 +0000
committerMimi Zohar <zohar@linux.ibm.com>2023-01-18 13:17:00 -0500
commit6dc387d52eb67f45d68caa263704fa4e39ef8e76 (patch)
treec78337ecff8bce07c9fe4837287db92d00f8e858 /security
parent5dc4c995db9eb45f6373a956eb1f69460e69e6d4 (diff)
downloadlinux-6dc387d52eb67f45d68caa263704fa4e39ef8e76.tar.gz
linux-6dc387d52eb67f45d68caa263704fa4e39ef8e76.tar.bz2
linux-6dc387d52eb67f45d68caa263704fa4e39ef8e76.zip
ima: fix error handling logic when file measurement failed
Restore the error handling logic so that when file measurement fails, the respective iint entry is not left with the digest data being populated with zeroes. Fixes: 54f03916fb89 ("ima: permit fsverity's file digests in the IMA measurement list") Cc: stable@vger.kernel.org # 5.19 Signed-off-by: Matt Bobrowski <mattbobrowski@google.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security')
-rw-r--r--security/integrity/ima/ima_api.c2
-rw-r--r--security/integrity/ima/ima_main.c2
2 files changed, 2 insertions, 2 deletions
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index c1e76282b5ee..1e3a7a4f8833 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -292,7 +292,7 @@ int ima_collect_measurement(struct integrity_iint_cache *iint,
result = ima_calc_file_hash(file, &hash.hdr);
}
- if (result == -ENOMEM)
+ if (result && result != -EBADF && result != -EINVAL)
goto out;
length = sizeof(hash.hdr) + hash.hdr.length;
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 377300973e6c..b1ae0f2751f1 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -337,7 +337,7 @@ static int process_measurement(struct file *file, const struct cred *cred,
hash_algo = ima_get_hash_algo(xattr_value, xattr_len);
rc = ima_collect_measurement(iint, file, buf, size, hash_algo, modsig);
- if (rc == -ENOMEM)
+ if (rc != 0 && rc != -EBADF && rc != -EINVAL)
goto out_locked;
if (!pathbuf) /* ima_rdwr_violation possibly pre-fetched */